IngeHack: EDR Evasion

πŸ§‘β€πŸš€ published on Tue Apr 21 2026 Β· 1 min read

An Active Directory series from IngeHack. The chain is built around a Windows environment with Defender active, which means that before you can do anything meaningful, you have to get your tooling past it. That was the first challenge, and the one this writeup covers for now.

The approach was modifying GodPotato to strip or replace the signatures that Defender flags, combined with techniques for building custom versions of common tools that don't carry recognizable bytecode patterns. The two resources below were the most useful references for this:

To be continued.

Tagged: windows, active-directory, edr-evasion, antivirus-bypass, ingehack